The reasons behind the hack are still unclear. The letter goes on to say the hack:
“appears to have been the result of a third part using information obtained elsewhere on the internet, via an automated process, to gain access to your Executive Club account. We understand this was login information relating to a different online service which you may have also used to access your Executive Club account. We would like to reassure you that, although it does appear that the login attempt was successful, at this stage we are not aware of any access to any subsequent information pages within your account, including your flight history or payment card details.”
The airline then recommends that members change their passwords and provides a link to do so, though one source claims British Airways “should never have included a clickable link when they invited you to reset your password, as that’s a classic trick used by criminals phishing for login credentials.”
No new information has come forth, but at Paulson & Nace, PLLC we are monitoring this case for more details regarding how the hack was allowed to be perpetrated.
If you are a member of British Airways’ Executive Club, or have experienced a similar situations involving another company’s frequents flier miles or reward points, we want to know. Please contact Attorney Jonathan Nace, a Certified US Information Privacy Professional uniquely equipped to offer counsel in such matters.